AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 05/03/2022

GitHub Says Recent Attack Was Highly Targeted

Microsoft-owned code hosting platform GitHub says the recent cyberattack that resulted in the cloning of private repositories was highly targeted in nature. Disclosed in mid-April, the incident involved stolen OAuth tokens issued to third-party integrators Heroku and Travis CI, which were used to download the private repositories of dozens of organizations. The two continuous integration (CI) systems help organizations automate the scanning of newly introduced code changes, to help identify vulnerabilities and malicious snippets before they enter production. These systems use authentication tokens to facilitate the automation process, and the recent cyberattack happened after such tokens were compromised. The tokens are not stored by GitHub in their original format, meaning that a threat actor obtaining them from GitHub would not be able to abuse them in attacks, the platform says.
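What "not stored in their original format" usually means in practice is that the service keeps only a one-way hash of each token and compares hashes at verification time, so a copy of the server-side store yields nothing a client could present. The following Python block is an added illustration of that general scheme and of per-integrator revocation; it is not GitHub's code, and the hash-at-rest design, the in-memory store and the integrator names are assumptions made for the example.

```python
import hashlib
import secrets

# Constructed in-memory store: sha256(token) -> metadata.
# Assumption for illustration only; a real service would persist this in a database.
TOKEN_STORE = {}


def _digest(token: str) -> str:
    """One-way transform of the bearer token; only this value is stored."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(owner: str, scopes: tuple) -> str:
    """Mint a random token for an integrator (e.g. a CI service).

    The clear-text token is returned exactly once and never written to the store.
    """
    token = secrets.token_urlsafe(32)
    TOKEN_STORE[_digest(token)] = {"owner": owner, "scopes": scopes, "revoked": False}
    return token


def verify_token(token: str):
    """Return the token's metadata if it is known and not revoked, else None.

    Looking up a fixed-length digest is safe against length or prefix leaks; the
    caller never learns anything about other stored digests.
    """
    meta = TOKEN_STORE.get(_digest(token))
    if meta is None or meta["revoked"]:
        return None
    return meta


def revoke_tokens_for(owner: str) -> int:
    """Revoke every live token issued to one integrator; returns how many were revoked.

    This is the kind of bulk action a platform takes once an integrator reports
    its tokens compromised.
    """
    count = 0
    for meta in TOKEN_STORE.values():
        if meta["owner"] == owner and not meta["revoked"]:
            meta["revoked"] = True
            count += 1
    return count


def store_dump_is_usable(dump) -> bool:
    """Model an attacker who obtained the server-side store and tries each
    stored value as if it were a bearer token. With hashed-at-rest tokens this
    always fails, because hashing the digest again never matches a stored entry.
    """
    return any(verify_token(stored) is not None for stored in dump)


if __name__ == "__main__":
    # Constructed demo: issue, verify, simulate a store leak, then revoke.
    t = issue_token("ci-integrator-a", ("repo:read",))
    print("live token verifies:", verify_token(t) is not None)
    print("leaked store usable:", store_dump_is_usable(list(TOKEN_STORE)))
    print("revoked for integrator:", revoke_tokens_for("ci-integrator-a"))
    print("token still verifies:", verify_token(t) is not None)
```

The point of the design is that the clear-text token exists only at the integrator: a compromise of the integrator (the scenario in the item above) still exposes live tokens and has to be answered by revocation, whereas a compromise of the platform's store does not.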


Phisher Jailed After Tricking Pentagon Out of $24 Million

Sercan Oyuntur, a 40-year-old California resident, has been found guilty of stealing payment of over $23 million from the U.S. Department of Defense, according to the U.S. Department of Justice. The stolen payment was meant for DOD jet fuel suppliers. Oyuntur was convicted on Thursday, and the jury found him guilty on a total of six criminal counts, including one count of conspiracy to commit wire, mail and bank fraud; two counts of bank fraud; one count of using an unauthorized access device to commit fraud; one count of aggravated identity theft; and one count of making false statements to federal law enforcement officers, the DOJ says.


Car Rental Giant Sixt Hit by Cyber-Attack

Global car rental firm Sixt has admitted that some of its business operations and services are suffering disruption after a cyber-attack struck the firm over the weekend. The German-headquartered company, which has thousands of locations in over 100 countries worldwide, released a brief statement on Sunday via parent company Sixt SE confirming the incident. It claimed that “IT irregularities” were first detected on Friday, April 29, when incident response plans kicked in. After discovering the attack, Sixt said it was able to “contain” it at an early stage. “As a standard precautionary measure, access to IT systems was immediately restricted and the pre-planned recovery processes were initiated. Many central Sixt systems, in particular the website and apps were kept up and running,” it continued.


Stormous: The Pro-Russian, Clout Hungry Ransomware Gang Targets the US and Ukraine

As part of our regular Dark Web and cybercriminal research, Trustwave SpiderLabs has uncovered and analyzed postings from a politically motivated, pro-Russian ransomware group named Stormous. The group has recently proclaimed support for Russia in its war with Ukraine, attacking the Ukraine Ministry of Foreign Affairs and allegedly obtaining and making public phone numbers, email addresses, and national identity cards. But the group also claims to have a successful ransomware operation and has taken responsibility for cyber attacks on major American brands Coca-Cola, Mattel and Danaher. In total, Stormous claims to have already accessed and defaced 700 U.S. websites and attacked 44 American companies.


Apple to bin apps that go three years without updates

Apple has warned developers it will remove their products from its App Stores if they’ve not been updated for three years. A policy update issued last Friday explained apps that “fail to meet a minimal download threshold – meaning the app has not been downloaded at all or extremely few times during a rolling 12 month period” will also be at risk of deletion from the App Store. The policy applies to iOS, iPadOS and macOS. Apple’s justification for the stance is that refreshed apps “work for the vast majority of users and support our latest innovations in security and privacy”. The company’s announcement proudly states that Apple’s attention to such matters has seen it remove 2.8 million apps from its digital storefronts over the last six years.


A YouTuber is encouraging you to DDoS Russia—how risky is this?

A YouTube influencer with hundreds of thousands of subscribers is encouraging followers to conduct cyber warfare against Russia. In a plea made this week on his channel, the YouTuber demonstrated how viewers could download a free pen-testing (DDoS) tool called Liberator and “stop that Russian propaganda machine.” Although the cause might seem worthwhile and appealing, how legal is DDoS, and can users get in trouble? In a YouTube video streamed Thursday, April 28th, the vlogger Boxmining, who has over 268,000 subscribers, sought everyone’s help in stopping Russian propaganda, amid the Kremlin’s ongoing invasion of Ukraine.
